Supply Chain Level 0: Grinding Tractors to a Halt – Sick Codes – ESW #281



Sick Codes hacked all four John Deere Telematics Gateway’s, and the John Deere Gen4 Series Display. Without those, it’s “just a tractor.” However, this is Critical Infrastructure. In fact, without Tractors, Combines & Implements: farmers cannot plant, spray or harvest. No raw materials == no food & alcohol. You will see how long I persisted over multiple months, to gain access and was able to hack these devices to the absolute binary core, warts & all. What was the bounty? Source Code, Root File Systems, FPGA compiled binaries, the works. Agricultural Security is a serious issue. Multiple ransomware attacks last year showed exactly how destructive attacks on Food & Agriculture are, and how fragile the supply chain is.

Segment Resources:
https://sick.codes
https://github.com/sickcodes
https://www.youtube.com/watch?v=zpouLO-GXLo
https://hardwear.io/usa-2022/speakers/sick-codes.php
Visit https://www.securityweekly.com/esw for all the latest episodes!

Full Episode Show Notes

Supply Chain Level 0: Grinding Tractors to a Halt

Guests

Sick Codes

Sick Codes – Security Researcher & Consultant at Sick Codes, Automated Security Research

@sickcodes

“Sick Codes” is an Australian hacker, who resides somewhere in Asia: I love 0days, emulation, open source, reverse engineering, standing up for other researchers & fast motorbikes. I have worked on many interesting projects over the last few years including hacking & emulating TV’s, cars, tractors, watches, ice cream machines, and more. My heart lies with Free Software but I like to go where no researcher has gone before. My works include Docker-OSX, which regularly trends on GitHub with 25k+ stars, 300k+ downloads. I’ve spoken 2x at DEF CON 29, DEF CON 30, published 30+ CVEs, and do consulting and contracting.

Sick Codes will be speaking DEF CON Main Stage at DEF CON 30 August 11-14th, and recently spoke at Hardwear.io about one of the most ignored, yet highly relied on, pieces of critical infrastructure; the food supply chain.

Hosts

Adrian Sanabria

Adrian Sanabria – Director of Product Management at Tenchi Security

@sawaba

Adrian is an outspoken researcher that doesn’t shy away from uncomfortable truths. He loves to write about the security industry, tell stories, and still sees the glass as half full.

Katie Teitler

Katie Teitler – Senior Security Strategist at Axonius

@Katherinert15

Katie Teitler is a cybersecurity content creator. In her current role with Axonius, she is part of the product marketing team, helping audiences understand the value proposition of cyber asset management as it pertains to risk reduction. In past roles, Katie was an industry analyst, research director, content marketer, and freelance author, and managed content and speakers for InfoSec World, now a flagship offering of the Cyber Risk Alliance.

Tyler Robinson

Tyler Robinson – Director of Offensive Security & Research at Trimarc Security, Founder & CEO at Dark Element

@tyler_robinson

As the Managing Director of Offensive Security & Research at Trimarc, Tyler leads a team of high-performance security professionals within the offensive security field by simulating sophisticated adversaries and creating scalable offensive security platforms using the latest techniques as seen in the wild. With over 2 decades of experience, Tyler specializes in Red Teaming, APT threat modeling, blackbox network penetration testing, and Physical/Social-Engineering. Tyler has presented at multiple conferences including BSides, DefCon and Blackhat panels, SANS security events and to multiple branches of the military.

Announcements

  • Don’t miss any of your favorite Security Weekly content! Visit https://securityweekly.com/subscribe to subscribe to any of our podcast feeds and have all new episodes downloaded right to your phone! You can also join our mailing list, Discord server, and follow us on social media & our streaming platforms!